You want to allow HTTPD on the inside LAN still? If so just:
ipchains -A input -p tcp --dport 80 -j DENY -i
ipchains -A input -p tcp --dport 443 -j DENY -i
This will firewall all incoming HTTP/HTTPS requests on the external interface, while still allowing for HTTP/HTTPS connections on the internal interface. Note the above rule should not affect routing/NAT, this only affects incoming connections to the mentioned ports.
If you wish for these rules to persist on boot, I would recommend appending them to the bottom of /etc/rc.d/rc.local
Note that most likely is eth1, depending on your configuration.
Let me know if this rule works out for you, if not, I'd be more than willing to help further.
Hope this helped,
Nathan